1. The Field of the Invention
The present invention relates generally to identity verification. More particularly, embodiments of the invention relate to systems and methods for using multiple factors including voice recognition to authenticate login parameters generated by a server.
2. The Relevant Technology
According to a 2005 Federal Trade Commission report, 37 percent of all Internet Fraud complaints filed dealt with identity theft. A Gartner research report “Credit Report and Internet Data Theft Results in More Fraud in 2005” found that of those surveyed, financial losses resulting from information stolen off the Internet was $2.7 Billion.
One way Internet fraud can occur is by email spoofing or forging. For example, Bob receives an email that appears to be from his credit card company, when actually it is sent from another source (the “spoofer”). In this instance, the email includes a link that appears to be the credit card company website. The link may in fact point to a site that looks like the credit card company's site but which is, in fact, created by the spoofer to trick Bob into releasing sensitive information. Once the spoofer obtains Bob's sensitive information (e.g., credit card number, pin number, social security number), the spoofer may use Bob's sensitive information for fraudulent purposes. For example, the spoofer may use Bob's credit card information to make purchases and so on.
Unfortunately, many websites are susceptible to spoofing attacks because they employ single-factor authentication, commonly referred to as weak authentication, to establish a user's identity and privileges. Single-factor authentication requires only one independent factor to establish a user's identity and privileges, which factor is often in the form of a password. Passwords can be categorized as something the user knows while other factors that may be used to authenticate a user include something the user has or something the user is. Examples of what a user has include a USB dongle or token, a credit card, a debit card, a smart card, an RFID device, or other physical items. Examples of what a user is include various biometrics, such as a fingerprint, a deoxyribo nucleic acid (DNA) profile, a retinal pattern and so on.
Two-factor authentication, also known as strong authentication, is used to enhance login security. Two-factor authentication requires two independent factors to establish a user's identity and privileges. A common example of two-factor authentication is when Bob withdraws money from an ATM using his debit card (something Bob has) and his personal identification number (something Bob knows). A malicious individual seeking to defraud Bob and his bank needs both the card and the password to withdraw Bob's money from Bob's bank.
While two-factor authentication offers increased security as compared to single-factor authentication, there is no need to limit an authentication process to two factors. Indeed, it may be desirable to use three or more factors in an authentication process. In general terms, however, any authentication process using at least two factors may be referred to as multi-factor authentication.
Multi-factor authentication, often employing something a user knows and one or more differing factors, has worked well with high security personnel and computer professionals but thus far it has not worked well with the public. One reason for the public's reluctance to adopt multi-factor authentication may be that users object to the inconvenience of keeping, carrying and/or locating the multiple physical items necessary to supply the something a user has or something a user knows factor.
For instance, many multi-factor authentication solutions require a password and provide individuals with a physical item (such as a USB dongle or token, a smart card, an RFID device), which provides a second factor for authentication. However, this solution is inconvenient to consumers who conduct business online with multiple companies, and impractical and expensive for companies operating businesses on the Internet, such as financial institutions, ISPs or e-commerce sites.